I currently have one EC2 instance that is starting to send alerts for high CPU usage. I want to create another instance and use this instance for the database and keep my existing instance for the web server.

I'm running Windows Server 2008 R2 and have an Elastic IP for the current server.

I want to install another instance, install SQL Server Express and allow the instances to communicate using SQL Server; however, I don't want SQL Server to be open to the rest of the internet, just the web server instance.

1 Answer

Whether you use RDS or SQL Server on your own EC2 instance, the following can be done to restrict connections to your SQL Server to only those originating from your EC2 instance.

When you start your RDS Server or EC2 Instance with SQL Server, you will be given a choice of the Security Group to assign to the server/instance. Let's call that SecurityGroup1.

Your original EC2 instance also has a security group assigned to it. Let's call that SecurityGroup2.

In the configuration for SecurityGroup1 (whether RDS or EC2), you can allow connections on port 1433 (the default SQL Server port) from SecurityGroup2. You may need to specify the group by its sg- identifier. If you close traffic to all other sources (i.e. don't allow anything else), then you've effectively restricted connections.

Note that the above will only work when the 2 servers are in the same region.
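An added audit helper, not part of the original answer: it builds the single group-to-group rule the answer describes and then checks a security group, in the dict shape returned by `aws ec2 describe-security-groups`, to confirm TCP/1433 is reachable from SecurityGroup2 and from nothing else. The `sg-` identifiers and the sample groups are constructed placeholders.

```python
"""Audit a SQL Server security group for inbound exposure on port 1433.

Added example, not the original answer's code. Operates on the
IpPermissions / IpRanges / UserIdGroupPairs structure that
`aws ec2 describe-security-groups` returns.
"""

SQL_PORT = 1433  # default SQL Server port, as in the answer

# Placeholder identifiers, constructed for this example only.
SECURITY_GROUP_1 = "sg-0000000000000sql"  # SQL Server instance (SecurityGroup1)
SECURITY_GROUP_2 = "sg-0000000000000web"  # web server instance (SecurityGroup2)


def sql_ingress_rule(source_group_id, port=SQL_PORT):
    """IpPermissions entry for authorize-security-group-ingress that admits
    TCP/port only from another security group: no CIDR ranges at all."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_group_id}]}


def _covers_port(perm, port):
    """True if an inbound permission reaches `port` (TCP range or all-traffic)."""
    if perm.get("IpProtocol") == "-1":  # all traffic; no port fields present
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sql_port_sources(security_group, port=SQL_PORT):
    """Every source allowed to reach `port`: CIDRs and security group ids."""
    sources = set()
    for perm in security_group.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        sources.update(r["CidrIp"] for r in perm.get("IpRanges", []))
        sources.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
        sources.update(g["GroupId"] for g in perm.get("UserIdGroupPairs", []))
    return sources


def is_restricted_to(security_group, allowed_group_id, port=SQL_PORT):
    """True only when `port` is reachable from `allowed_group_id` and nothing else."""
    return sql_port_sources(security_group, port) == {allowed_group_id}


# Constructed samples: the intended configuration, and the common mistake of
# leaving a world-open 1433 rule next to the group rule.
LOCKED_SG = {"GroupId": SECURITY_GROUP_1,
             "IpPermissions": [sql_ingress_rule(SECURITY_GROUP_2)]}
WORLD_OPEN_SG = {"GroupId": SECURITY_GROUP_1, "IpPermissions": [
    sql_ingress_rule(SECURITY_GROUP_2),
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
```

Run the check against the live output of `describe-security-groups` for SecurityGroup1 after applying the rule; any extra source it reports is a hole in the restriction the answer sets up.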